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BACKGROUND OF THE INVENTION 



1. Field of the Invention 

This invention relates generally to providing and controlling access and/or 
5 services in a network communications system, where the network communications 
system and its methods comprise enabling a network infrastructure to support one or 
more users and/or one or more venues. 

2. Description of Related Art 

10 Various types of wired and wireless infrastructures are being developed to 

provide High-speed Internet Access (HSIA) to users of computing devices, such as 
portable computing devices. Currently, numerous providers are attempting to install 
wired and/or wireless network infrastructures in various locations, such as airports, 
hotels, office buildings, coffee shops, train stations, law offices, marinas, restaurants, and 

1 5 stores, etc. for use by various users. 

A variety of networks are used to implement HSIA today. Computer networks 
include local area networks (LANs), metropolitan area networks (MANs), wide area 
networks (WANs), intranets, the Internet and other types of communications networks. 
Communication networks include those for conventional telephone service, cellular 

20 networks of different varieties, paging services and others. Networks are used for many 
purposes, including to communicate, to access data, and to execute transactions. For 
many reasons, including security, it is often necessary to confirm or authenticate the 
identity of a user or some type of authorization, such as an access code, before permitting 
access to data or a transaction to occur on the network. Further, authentication and/or 

25 access control may be of paramount importance in HSIA. 

In many venues, a venue owner and/or operator may wish to provide HSIA. The 
venue owner/operator may wish to charge a fee for access of HSIA, or provide HSIA as 
an amenity for purchasing goods and/or services from the venue. Authorization and/or 
access control to network services may be employed to ensure collection of money for 

30 access and/or at least a purchase of goods and/or services of the venue may occur as a 
prerequisite to accessing network services at the venue. 
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In other instances, a network provider may wish to service multiple venues with a 
network communications system. This may allow each venue in an area of service an 
ability to customize and/or provide access control to HSIA provided by the network 
communication system of the network provider. 
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SUMMARY OF THE INVENTION 



One embodiment of the present invention comprises a system and method for 
providing access and or service of a network included in a network communications 
5 system (NCS) to one or more users. The NCS may include a plurality of access points 
coupled to a first network. The access points include wireless access points and may also 
include wired access points. Access points (APs) of the NCS may be widely distributed 
in various facilities and/or venues, such as airports, hotels, mass-transit stations, and 
various businesses, such as business offices, restaurants, and stores, e.g., coffee shops or 

10 restaurants at an airport. The NCS may comprise a wide area network, such as the 
Internet. A plurality of venues may provide network services, such as Internet access, 
through the NCS or a portion of the NCS. 

In one embodiment, a user, may access the NCS through a computing device 
using, for example, a wireless (or wired) network interface card. When in sufficiently 

15 close range to an access point, the computing device may wirelessly access the NCS, or 
the computing device may be directly connected to a wired connection. A user of the 
computing device may input an access code through an input device of the computing 
device. In an alternate embodiment, a distribution unit may input the access code through 
an input of the computing device. The computing device provides the access code to the 

20 NCS. A component of the NCS receives the access code and access and/or services of 
the network may be provided to the computing device dependent on a validity of the 
access code and various attributes which may be associated with the access code. 



Atty. Dkt No. 5285-08201 



Page 3 Meyertons, Hood, Kivlin, Kowert & Goetzel 



BRIEF DESCRIPTION OF THE DRAWINGS 



Other objects and advantages of the invention will become apparent upon reading 
the following detailed description and upon reference to the accompanying drawings in 
5 which: 

FIG. 1 is a block diagram of one embodiment of a network communications 
system according to one embodiment; 

FIG. 1A is a block diagram of one embodiment of a network communications 
system according to one embodiment; 
10 FIG. 2 is a diagram of one embodiment of a distribution of an access code 

according to one embodiment; 

FIG. 3 is a diagram of one embodiment of a distribution of an access code 
according to one embodiment; 

FIG. 4 is a diagram of one embodiment of a distribution of an access code 
1 5 according to one embodiment; 

FIG. 5 is a diagram of one embodiment of a distribution of an access code 
according to one embodiment; 

FIG. 6 is a diagram of one embodiment of a distribution of an access code from 
an ally according to one embodiment; 
20 FIG. 7 is a diagram of one embodiment of a distribution of an access code 

according to one embodiment; 

FIG. 8 is a flowchart of a method for a computer system providing authorization 
and access of a computing device to one or more networks according to one embodiment; 
and 

25 FIG. 9 is a flowchart of a method for a coupling to a network comprised in a 

network communications system according to one embodiment. 

While the invention is susceptible to various modifications and alternative forms, 
specific embodiments thereof are shown by way of example in the drawings and will 
30 herein be described in detail. It should be understood, however, that the drawings and 
detailed description thereto are not intended to limit the invention to the particular form 
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disclosed, but on the contrary, the intention is to cover all modifications, equivalents and 
alternatives falling within the spirit and scope of the present invention as defined by the 
appended claims. 

5 Priority Claim 

This application claims benefit of priority of provisional application Serial No. 
60/454,212 titled "CHIT CODE SYSTEM OF AUTHENICATION AND ACCESS 
CONTROL" filed on March 11, 2003, whose inventors are Ian M. Fink and James D. 
Keeler. 

10 

DETAILED DESCRIPTION 

Incorporation by Reference 

U.S. Patent No. 5,835,061, titled "Method and Apparatus for Geographic-Based 
15 Communications Service", whose inventor is Brett B. Stewart, is hereby incorporated by 
reference in its entirety as though fully and completely set forth herein. 

U.S. Patent No. 5,969,678, titled "System for Hybrid Wired and Wireless 
Geographic-Based Communications Service", whose inventor is Brett B. Stewart, is 
hereby incorporated by reference in its entirety as though fully and completely set forth 
20 herein. 

U.S. Patent Application Serial No. 09/433,817 titled "Geographic Based 
Communications Service" and filed on November 3, 1999, whose inventors are Brett B. 
Stewart and James Thompson, is hereby incorporated by reference in its entirety as 
though fully and completely set forth herein. 

25 U.S. Patent Application Serial No. 09/433,818 titled "A Network 

Communications Service with an Improved Subscriber Model Using Digital Certificates" 
and filed on November 3, 1999, whose inventors are Brett B. Stewart and James 
Thompson, is hereby incorporated by reference in its entirety as though fully and 
completely set forth herein. 

30 U.S. Patent Application Serial No. 09/551,309 titled "System and Method for 

Managing User Demographic Information Using Digital Certificates" and filed on April 
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18, 2000, whose inventors are Brett B. Stewart and James Thompson, is hereby 
incorporated by reference in its entirety as though fully and completely set forth herein. 

U.S. Patent Application Serial No. 09/767,374 titled "Distributed network 
communication system which allows multiple wireless service providers to share a 
5 common network infrastructure" and filed on January 22, 2001, whose inventors are 
James Thompson, Kathleen E. McClelland, and Brett B Stewart, is hereby incorporated 
by reference in its entirety as though fully and completely set forth herein. 

U.S. Provisional Patent Application Serial No. 60/383,827 titled "Roaming" AND 
filed on May 29, 2002, whose inventors are James D. Keeler and Matthew M. Krenzer, is 
10 hereby incorporated by reference in its entirety as though fully and completely set forth 
herein. 

U.S. Patent Application Serial No. 10/341,761 titled "AUTHORIZATION AND 
AUTHENTICATION OF USER ACCESS TO A DISTRIBUTED NETWORK 
COMMUNICATION SYSTEM WITH ROAMING FEATURES" and filed on January 

15 14, 2003, whose inventors are James D. Keeler and Matthew M. Krenzer, is hereby 
incorporated by reference in its entirety as though fully and completely set forth herein. 

U.S. Patent Application Serial No. 10/387,337 titled "SYSTEM AND METHOD 
FOR USER ACCESS TO A DISTRIBUTED NETWORK COMMUNICATION 
SYSTEM USING PERSISTENT IDENTIFICATION OF SUBSCRIBERS" and filed on 

20 March 11, 2003, whose inventors are James D. Keeler, Ian M. Fink, and Matthew M. 
Krenzer, is hereby incorporated by reference in its entirety as though fully and 
completely set forth herein. 

One embodiment of the present invention is directed to an authorization and 
25 access control system for a venue or a geographic region comprising a plurality of 
venues. The authorization and access control system provides one or more computing 
devices selective access to one or more networks and/or services available in a network 
communications system by distributing a substantially unique string of characters (an 
"access code") to each user of a computing device. The access code can then be entered 
30 via an input device, such as a keyboard or its equivalent, of the computing device. This 
enables the computing device to gain access to one or more networks and/or services at a 
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venue or geographic region with the network communications system. The authorization 
and access control system is useful and may have several advantages in several venues, 
with a network communications system, such as coffee shops, hotels, truck stops, fueling 
stations, train stations, law offices, marinas, restaurants, and stores, among others. 
5 Various embodiments are also useful and may be advantageous in a geographic region 
comprising a plurality of possible venues. 

Figure 1 — A Network Communications System 

FIG. 1 shows one embodiment of a distributed network communication system 

10 (NCS) 100. NCS 100 may include one or more access points (APs) 120A-D. The 
wireless access points 120A-B communicate with a computing device 110 in a wireless 
fashion, while the wired access points 120C-D communicate with computing device 110 
in a wired fashion. Each wireless access point (AP) may have a wireless connection or 
transceiver and may operate according to various wireless standards, such as wireless 

15 Ethernet (IEEE 802.11), IEEE 802.16, Bluetooth, and/or General Packet Radio Service 
(GPRS), among others. 

Each of the access points 120A-D may be coupled to a network 130. The network 
130 may comprise a wired network, a wireless network or a combination of wired and 
wireless networks. For example, the network 130 may be a standard "wired" Ethernet 

20 network which may connect each of the wireless access points 120A-B and wired access 
points 120C-D together. Network 130 may include one or more wireless networks based 
on IEEE 802.11 and/or IEEE 802.16. For instance, one or more wireless APs 120A-B 
may be coupled to network 130 in a wireless fashion. Network 130 may include one or 
more DSL (digital subscriber line) and or cable (e.g., cable television) networks and/or 

25 infrastructures. For example, network 130 may include one or more of: cable modems, 
cable modem termination systems (CMTSs), DSL modems, digital subscriber line access 
multiplexers (DSLAMs), broadband remote access servers (BRASs), and/or 
metropolitan area networks (MANs), among others. The network 130 may form part 
of the Internet, or may couple to other networks, e.g., other local or wide area networks, 

30 such as the Internet 170. 
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Network 130 may be coupled to other types of communications networks, (e.g., 
other than the Internet) such as the public switched telephone network (PSTN), where 
user 115 using computing device 110 may send and receive information from/to the 
PSTN or other communication networks. Network 130 may also be coupled to a wide 
5 area network (WAN) 107B, such as a proprietary WAN. Network 130 thus may be, or be 
coupled to, any of various wide area networks (WANs) 107A-B, local area networks 
(LANs), corporate networks 101A-B, including the Internet 170. Network 130 may be 
coupled to a routing computer 105 where routing computer 105 provides authentication 
and access control from one or more computing devices 110 coupled to network 130 or 
10 coupled to one of the access points 120A-D to the various WANs 107A-B, local area 
networks (LANs), and corporate networks 101A-B, including the Internet 170. In one 
embodiment, routing computer 105 may be a broadband remote access server 
(BRAS). 

Access to these networks comprises any "services" these networks may provide. 

15 These services may comprise: email, world wide web, file transfer, printing, file sharing, 
file system sharing, remote file system, network file system (NFS), news, multicast, 
netbios, encryption, domain name service (DNS), routing, tunneling, chat such as Internet 
Remote Chat or AOL Instant Messenger, gaming, licensing, license management, digital 
rights management, network time, remote desktop, remote windowing, audio, database 

20 (e.g., Oracle, Microsoft SQL Server, PostgreSQL, etc.), authentication, accounting, 
authorization, virtual local area network (VLAN) (e.g., IEEE 802. lq), virtual private 
network or VPN, audio, phone, Voice Over Internet Protocol (VoIP), paging, or video, 
among others. 

Moreover, routing computer 105 comprised in NCS 100 may be a computer 
25 system operable to comprise management information base (MIB) 150, network 130, one 
or more wireless access points 120A-B, and/or one or more wired access points 120C-D. 

User 115 operating computing device 110 may communicate with one of the 
wireless APs 120A-D to gain access to a network and its services, such as Internet 170. 
Computing device 110 may have a wireless communication device, e.g., a wireless 
30 Ethernet card, for communicating with one or more of the wireless APs 120A-B. 
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Computing device 110 may instead have a wired communication device, e.g., an Ethernet 
card, for communicating with one or more of the wired APs 120C-D. 

The computing device 110 may be any of various types of devices, including a 
computer system, such as a portable computer, a personal digital assistant (PDA), an 
5 Internet appliance, a communications device, or other wired or wireless device. 
Computing device 110 may include various wireless or wired communication devices, 
such as a wireless Ethernet card, paging logic, RF (radio frequency) communication 
logic, a wired Ethernet card, a modem, a DSL device, an ISDN device, an ATM 
(asynchronous transfer mode) device, a parallel or serial port bus interface, or other type 

1 0 of communication device. 

In one embodiment, computing device 110 includes a memory medium which 
stores identification information. The identification information may be a System ID (an 
IEEE 802.11 System ID), a Media Access Control (MAC) ID of a wireless or wired 
Ethernet device comprised in the computing device 1 10, or other type of information that 

15 uniquely identifies the computing device 110. The identification information may be 
contained in a digital certificate, which may be stored in a web browser, in a client 
software, or in a memory medium of computing device 1 10. 

With wireless APs 120A-B, the wireless communication may be accomplished in 
a number of ways. In one embodiment, computing device 110 and wireless APs 120A-B 

20 are equipped with appropriate transmitters and receivers compatible in power and 
frequency range (e.g., 900MHz, 2.4GHz, 5GHz, etc.) to establish a wireless 
communication link. Wireless communication may also be accomplished through 
cellular, digital, or infrared communication technologies, among others. To provide user 
identification and/or ensure security, computing device 110 may use any of various 

25 security mechanisms. 

With wired APs 120C-D, the wired connection may be accomplished through a 
variety of different ports, connectors, and transmission mediums. For example, the 
computing device 110 may be connected through an Ethernet, USB, Fire Wire (IEEE 
1394) serial, or parallel transmission cables, among others. Computing device 110 may 

30 also include various communication devices for connecting to one of the wired APs 
120C-D, such as wired Ethernet cards, modems, DSL adapters, ATM adapters, EDSN 
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devices, or other communication devices. For example, a hotel may have Ethernet 
connections in the restaurants, shops, meeting rooms, and guest rooms. An airline club, 
e.g., an airport Admiral's Club, may also have both wireless and wired connections for 
mobile users. A user may connect to a wired AP 120C through the use of a laptop 
5 computer (computing device 1 10), an Ethernet network card, and a network cable. This 
connection may have the same impact as a connection made to a wireless AP 120A as 
discussed above. In other words, a user using a wired computing device 110 is able to 
use various network infrastructures in the same manner as a user using a wireless 
computing device 110. 

10 NCS 100 may also include a management information base (MIB) 150. The MIB 

150 may be a mechanism, such as a memory, which may allow the persistent storage and 
management of information needed by network 130 to operate. For example, in one 
embodiment of the invention, the MIB 150 may store a data structure, such as a table 
comprising a list of identification information and a corresponding list of the plurality of 

15 possible networks and/or services. The data structure may also store access information, 
which may comprise associated methods for providing data to the respective plurality of 
possible networks and/or services. The access information may further comprise access 
level and/or privilege level information. Thus, the data structure may comprise a table 
having a plurality of tuples, with each tuple having the identification information. In an 

20 alternate embodiment, as noted above, the data structures which store this information 
may be comprised in each of the access points 120A-D, or may be provided in various 
other locations. 

MIB 150 may store other information, such as a directory of all the elements (e.g., 
access points, computing devices, etc) in the network, the topology of the network, 
25 characteristics of individual network elements, characteristics of connection links, 
performance and trend statistics, and any information which is of interest in the operation 
of network 130. For example, the MIB may store the precise longitude, latitude, altitude 
and other geographic information pinpointing the location of each access point. 

NCS 100 may be geographic-based. In other words, the NCS 100 may provide 
30 information and/or services to the user based at least partly on the known geographic 
location of the computing device 110, e.g., as indicated by APs 120A-D or as indicated 
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by geographic information (e.g., GPS information) provided from computing device 110. 
In one embodiment, APs 120A-D are arranged at known geographic locations and may 
provide geographic location information regarding the geographic location of the user or 
computing device 110. In another embodiment, computing device 110 may provide 
5 geographic location information of the computing device 110 through an AP to network 
130. For example, the computing device 110 may include GPS (Global Positioning 
System) equipment to enable computing device 110 to provide its geographic location 
through the AP to network 130. 

In one embodiment, NCS 100 may service a single venue. In another 

10 embodiment, NCS may service a plurality of venues 175A-D, as shown in FIG. 1A. For 
instance, each of the venues 175A-D may comprise a portion of NCS 100. In another 
embodiment, a plurality of venues, such as venues 175C-D, may comprise a physical 
portion of NCS where the physical portion is common to both venues but may appear as 
more than one portion in a virtual fashion with the use of virtual access points as further 

1 5 described below. 

Memory Medium and Carrier Medium 

One or more of the systems described above, such as computing device 110, APs 

120A-D, MIB 150, and routing computer 105 may include a memory medium on which 
20 computer programs or data according to the present invention may be stored. For 

example, each of the APs 120A-D and/or MIB 150 may store a data structure as 

described above comprising information regarding identification information, 

corresponding networks, and access information such as associated data routing methods. 

Each of the APs 120A-D and/or MIB 150 may further store a software program for 
25 accessing these data structures and using the information therein to properly provide or 

route data between personal computing devices and networks, or to selectively provide or 

route data depending on the access information. 

The term "memory medium" is intended to include various types of memory or 

storage, including an installation medium, e.g., a CD-ROM, or floppy disks, a random 
30 access memory or computer system memory such as DRAM, SRAM, EDO RAM, 

Rambus RAM, NVRAM, EPROM, EEPROM, flash memory etc., or a non-volatile 
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memory such as a magnetic media, e.g., a hard drive, or optical storage. The memory 
medium may comprise other types of memory as well, or combinations thereof. In 
addition, the memory medium may be located in a first computer in which the programs 
are executed, or may be located in a second different computer which connects to the first 
5 computer over a network. In the latter instance, the second computer provides the 
program instructions to the first computer for execution. The memory medium may also 
be a distributed memory medium, e.g., for security reasons, where a portion of the data is 
stored on one memory medium and the remaining portion of the data may be stored on a 
different memory medium. Also, the memory medium may be one of the networks to 

10 which the current network is coupled, e.g., a SAN (Storage Area Network). 

Also, each of the systems described above may take various forms, including a 
personal computer system, mainframe computer system, workstation, network appliance, 
Internet appliance, personal digital assistant (PDA), an embedded computer system, 
television system or other device. In general, the term "computer system" can be broadly 

15 defined to encompass any device having a processor which executes instructions from a 
memory medium. 

The memory medium in one or more of the above systems thus may store a 
software program or data for performing or enabling access or selective network access. 
A CPU or processing unit in one or more of the above systems executing code and data 

20 from a memory medium comprises a means for executing the software program 
according to the methods or flowcharts described below. 

Various embodiments further include receiving or storing instructions and/or data 
implemented in accordance with the present description upon a carrier medium. Suitable 
carrier media include memory media as described above, as well as signals such as 

25 electrical, electromagnetic, or other forms of analog or digital signals, conveyed via a 
communication medium such as networks and/or a wireless link. 

Virtual Access Points 

One or more of the wireless APs 120A-B, routing computer 105, and/or MIB 150 
30 may include software that enables APs 120A-B to accommodate or service users of a 
plurality of different venues. Thus, an AP 120A may be operable to appear as any one of 
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a plurality of different venue APs, meaning that a single wireless AP may "pretend to be" 
or behave as an access point dedicated to a particular venue for each of a plurality of 
different venues. In other words, according to one embodiment of the invention, wireless 
AP 120A may execute one or more software programs that allow it to act as an AP for 
5 each of the plurality of venues. These venues may include venues 175C-D shown in FIG. 
1A. Thus, AP 120A may be capable of broadcasting and/or recognizing any of a 
plurality of system identifications (SDDS) and maintaining associations between the SIDS 
and the users of the respective venues. The identification information may be a System 
ID (an IEEE 802. 1 1 System ED), a MAC ID of a wireless Ethernet device comprised in 

10 the computing device 110, the name of the venue, or other type of information that 
uniquely identifies one (or more) venue providing network access. Where the wireless 
network is IEEE 802.11 wireless Ethernet, the identification information or System ID 
may be a SSID (Service Set ID), an ESSID (Extended Service Set ID) or possibly a 
BSSID (Basic Service Set ID). 

15 In one embodiment, NCS 100 services a geographic region. For example, a 

geographic region may be an airport comprising a possible plurality of venues such as Mc 
Donald's, Burger King, Subway, Starbucks, etc. With NCS 100, each of the possible 
plurality of venues may have its own virtual access point provided by a physical access 
point such as wireless AP 120 A, as shown in FIG. 1A. Additionally, each virtual access 

20 point may use a different wireless communications channel from another, as described 
further below. Moreover, a first venue of the possible venues may have a plurality of 
access codes that will work with the first venue's virtual access point and not work with a 
second venue's virtual access point. One or more of these possible venues may charge a 
fee for access codes that provide access to a network comprised in NCS 100. 

25 Additionally, one or more of these possible venues may distribute access codes without 
charge, for access to a network comprised in NCS 100, as an amenity for patronage of a 
venue. 

Figures 2-5 -- Distribution of Access Codes 
30 Access code 210 may be created within a few moments of a venue associate 200 

distributing access code 210 to user 115. A printer coupled to network 130 or coupled a 
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computer system may be used to print out access code 210, according to one 
embodiment. The computer system may create access code 210 on demand, or it may 
have created access code 210 and stored it in a memory medium or in a database of the 
computer system. Various attributes of access code 210 may be stored in a data structure 
5 along with access code 210. In other embodiments, access codes may be created by a 
computer system coupled to a network comprised in NCS 100. For example, routing 
computer 105 may create access codes and store the access codes in a memory medium 
or in a database coupled to routing computer 105. For instance, the database may be MDB 
150. In another example, access codes may be available through an authorization server 

10 such as an AAA (authentication, authorization, and accounting) server. In various other 
embodiments, access codes may be created and stored in various components of NCS 
100. In one embodiment, access codes may be created and/or stored in a distribution unit 
212. In another embodiment, a roaming partner or ally 178 may create and store access 
codes for distribution to its subscribers. 

15 One advantage to the access code system may be to ensure that user 115, wishing 

access of one or more networks comprised in NCS 100 at a venue, has purchased a 
product from the venue by a person-to-person distribution of an access code 210 to user 
1 15, This is depicted in FIG. 2 by a person-to-person distribution of access code 210 by 
venue associate 200 to user 115. In this depiction, venue associate 200 is a natural 

20 person. 

This may be useful if the venue offers access to one or more networks, comprised 
in NCS 100, as an amenity for patronage to the venue. The venue may also charge for 
access to one or more networks comprised in communication network system 100 by 
selling access codes. For example, FIG. 3 depicts user 115 issuing a venue 175 a 

25 compensation 214 (e.g., money) for other goods or services of venue 175 or access code 
210, and venue 175 issues access code 210 to user 115. 

Another benefit may be a facilitation of collection of monies from user 115 
accessing one or more networks comprised in NCS 100. By this, a venue need not have a 
revenue collection system based on the use of an online credit card billing system and all 

30 the complexities and costs associated with such a system. Venue associate 200 may 
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directly collect revenue from user 115 with the access code system, while leveraging 
existing revenue collection means such as cash registers, credit card "swiper", etc. 

In another embodiment, a venue may have an automated means to distribute 
access codes. FIG. 4 depicts user 115 receiving an access code 210 from a distribution 
5 unit 212. Distribution unit may be automated. In one embodiment the venue may provide 
distribution unit 212 which may be a vending machine to distribute and/or sell access 
codes. In an alternate embodiment, distribution unit 212 may include a display or audio 
system operable to distribute access codes. In an alternate embodiment, distribution unit 
212 may distribute access code 210 to an input of computing device 110, as shown in 
10 FIG. 5. 

In another example, a venue such as a hotel may comprise NCS 100, may desire 
to have control or provide a more personable interaction with its guests. For instance, the 
hotel may benefit from knowledge of a room in which the guest is using computing 
device 110 coupled to one of the APs 120A-D to access one or more networks comprised 

15 in NCS 100. User 115 may call the front desk or an automated menu system for access 
of one or more networks comprised in NCS 100. The hotelier may identify a room 
number from a phone system and may charge the room of user 115 for the access by his 
or her computing device 110. The hotelier may verbally distribute an access code 210 to 
user 115, over the phone system. Alternatively, the hotelier may fax an access code 210 

20 to the room or have access code 210 displayed upon another device in the room, of the 
originating phone call. Alternatively, access code 210 may be automatically 
communicated in a wired or wireless fashion to the computing device 110 of the user. 
Distribution unit 212 may provide this functionality. This may also reduce the 
complexity of identifying the position or geographic location of user 115 by a means of 

25 one or more alternative methods with the plurality of APs 120A-D. Additionally, in a 
venue such as a hotel, a plurality of access codes 210 may be distributed and accounted 
for, as analogous to the way beverages are in the mini-bar of each guest room. 

An access code 210 may be associated with one or more attributes including: a 
certain time time-frame of use such as between certain hours of the day; a duration of use 

30 such as only for two hours after its use; expiration time such as a time in the future, after 
the access code is created; an active or inactive status; a single venue of use such as it 
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may only be used at the Mozart's Cafe in Austin, TX; a plurality of venues of use such as 
comprising all Starbucks coffee shops, comprising the Starbucks located in a geographic 
location like New York, NY, or comprising the Starbucks locations in the Barnes and 
Noble book stores; access to one or more specific networks comprised in NCS 100; a use 
5 of only certain services of one or more networks comprised in NCS 100, such as the 
services mentioned above; or a quality of service (QoS) (e.g., IEEE 802. lp) such as a 
certain bandwidth characteristic of a limit of 128 kilobits per second (kbps) for uploading 
data and 512 kbps for downloading data. 

Associated access code attributes may be useful in several venues. For example, 

10 user 115 may visit a venue such as a law office comprising NCS 100 or a portion of NCS 
100. User 115 may be given an access code 210 to access the Internet 170. Associated 
attributes of access code 210 may direct routing computer 105 to allow computing device 
110 access of the Internet 270 but not to a corporate network 101 A. One or more 
associated attributes of the access code may only allow the access code to be valid 

15 between the hours of 7:00 AM to 6:00 PM local time, will only grant access to the 
Internet 170 for three hours after its use, and is only valid at that specific law office and 
not a second law office possessing a second NCS 100 or a second portion of NCS 100, in 
different geographic region that may be associated with the first law office. 

In another example, it may be determined that user 115 requires or desires access 

20 to the corporate network 101 A comprised in the first NCS 100. User 115 may receive a 
second access code 210 with one or more associated attributes to enable computing 
device 110 access of the corporate network 101 A comprised in the first NCS 100 for a 
period of one hour after the use of the second access code 210. 

Additionally, at a venue with NCS 100, a first access code 210 may allow access, 

25 by a computing device 1 10, of a first network comprised in NCS 100. With a use of a 
second access code 210, access of the first network may be modified. For example, use 
of the first access code 210 allows access of the Internet 170, by computing device 110. 
Use of the second access code 210 may allow access of a corporate network 101 A, by 
computing device 110, while access of the Internet 170 may be revoked. As another 

30 example, use of the first access code 210 allows access of the Internet 170, to computing 
device 110, with a QoS of 128 kbps for uploading data and 512 kbps for downloading 
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data. Use of the second access code may modify access of the Internet 170, allowing the 
QoS by computing device 110 to 512 kbps for uploading data and 784 kbps for 
downloading data. As a third example, the services, of a network, provided to computing 
device 110 may be modified. For instance, the use of the first access code may only 
5 allow a service of the world wide web to computing device 110. With use of the second 
access code, the computing device 110 may have an added service of email, as well. 

Figures 6-7 - Roaming or Ally Relationship 

A venue 175 or geographic region, with a NCS 100, may have a roaming 

10 agreement or contractual relationship with a "roaming partner" or "ally" 178 such as an 
Internet Service Provider (ISP), a telecommunications carrier (e.g., Southwestern Bell, 
Bell South, etc.), a cellular phone carrier, etc. (The owner or operator of the NCS 100 
has an agreement or contractual relationship to provide network access to a plurality of 
subscribers 117 of a roaming partner or ally. Generally speaking, the owner or operator 

15 may have no prior arrangement with a subscriber 1 17 of the roaming partner or ally.) In 
one embodiment, subscriber 117 may receive access code 210 directly from roaming 
partner or ally 178, as shown in FIG. 6. Subscriber 117 who may be a subscriber of a 
roaming partner may call a phone number of the roaming partner, input an identification 
and/or an authorization, and receive an access code. For example, subscriber 117 is at 

20 venue and subscribes to AT&T Wireless Service (ATTWS) for his or her cellular phone 
service. Venue 175 has a roaming agreement with ATTWS which allows a plurality of 
subscribers of ATTWS access to one or more networks comprised in NCS 100 with the 
use of an access code from ATTWS. Subscriber 117 may use his or her cellular phone to 
access an access code distribution system of ATTWS. This system may be automated 

25 and/or comprise one or more natural persons. The identification of subscriber 1 17may be 
the user's cellular phone number, an electronic serial number (ESN), or some other 
means of Caller identification. The authentication of subscriber 1 17 to ATTWS may be a 
password or a Personal Identification Number (PIN). The PIN may simply be the user's 
PIN for access to his or her voice mail. For example, subscriber 117 calls a phone 

30 number (e.g., "555-867-5309", etc.) or a service number (e.g., "*426", etc.) from his or 
her ATTWS cellular phone. ATTWS identifies the cellular phone by an identification 
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means, and the user inputs a PIN used for authentication. Subscriber 117 may receive an 
access code in an audible fashion through the cellular phone, may receive a text message, 
or may receive the access code directly on a display of the cellular phone. 

An owner or operator of NCS 100 of the geographic region may charge the 
5 roaming partner or ally 178 an access fee for use or uses of one or more networks 
comprised NCS 100, or there may be no fee. Venue 175 may even pay the roaming 
partner or ally 178 a fee for use or uses of one or more networks comprised in NCS 100 
by subscriber 117, since the roaming partner or ally 178 may have directed subscriber 
1 17 as a patron to venue 175 or geographic region. 

10 

Figures 8-9 -- Methods for Providing Network Access 

FIG. 8 is a flowchart depicting a computer-implemented method that may be used 

on a computer system comprised in NCS 100. The method starts and proceeds to block 

535, where an access code 210 is received. The method next proceeds to block 540, 
15 where an attempt may be made to retrieve access code 210 from a memory medium used 

for storing access code information. In another embodiment, an attempt may made be to 

retrieve access code 210 from a database that may be stored locally or may be available 

through a network comprised in NCS 100. 

Next, at block 545, it may be determined if the access code was retrieved. If not, 
20 the method completes. If so, the method proceeds to block 550. 

At block 550, possible attributes associated with access code 210 may be 

determined. As above, access code 210 may be associated with one or more attributes. 

The method then proceeds to block 555 where a validity of access code 210 may be 

determined. If the access code has been previously used for an access modification, it 
25 may not be valid. The validity of the access code may be determined from its associated 

attributes. Some examples are as follows. 

If the expiration time attribute of an access code has passed, the access code may 

not be valid. If a time- frame of use attribute of an access code is incorrect (its attempted 

use occurs at 7:00 AM while the time-frame of validity is from 8:00 AM to 6:00 PM), 
30 then the access code may not be valid (until its use during the specific time-frame during 

the hours of 8:00 AM to 6:00 PM). 
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Access code 210 may have an attribute of only being valid on a first AP of the 
APs 120A-D and not on a second AP of the APs 120A-D; thus, if the access code is 
attempted to be used on the second AP, it may not be valid. 

Access code 210 may associate with an attribute specifying a geographic location 
5 of validity or a plurality of geographic locations of validity. In one embodiment, a 
geographic region of validity may be compared against a known geographic location of 
computing device 110. In another embodiment, a geographic region of validity may be 
compared against a known geographic location of an access point communicating with 
computing device 110. Moreover, a geographic location may be of any size. For 

10 example, an access code may only be valid at Starbucks coffee shops in New York, NY, 
and if used outside these areas, access code 210 may not be valid. Further, a geographic 
location may comprise an area or a plurality of areas within a geographic region itself. 
For a second example, a geographic region such as a hotel with NCS 100 access code 210 
may only be valid in a public area or a plurality of public areas of the hotel but not valid 

15 in one or more guest rooms or may not be valid in one or more meeting/ball rooms of the 
hotel. Moreover, access code 210 may be valid in one or more public areas but not in a 
bar of the hotel. As above, a geographic region may comprise any area of any size, 
including parks, portions of airports, areas of a town, cities, states, among others. 

If the access code is determined to be not valid for one or more reasons, the 

20 method completes. If the access code is valid, the system proceeds to block 565. 

At block 565, routing computer 105 may record the use of access code 210. This 
recording, of access code 210 use, may occur in a memory medium or in a database. In 
recording the use of the access code, one or more attributes associated with the access 
code may be adjusted. For instance, an attribute associated with access code 210 may 

25 have its status changed from active to inactive. Access code 210 may be associated with 
a use-specific attribute or flag that may be set to indicate access code 210 as having been 
used. 

In another embodiment, a Secure Socket Layer (SSL) connection, or other 
methods of encryption, may be not necessary in NCS 100, since an access code 210 may 
30 be of one-time-use. Access code 210 may no longer useful or valid, once it is used for 
allowing access and/or service modification of a computing device 110 to one or more 
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networks comprised in NCS 100. Thus, it may not matter if access code 210 is obtained 
from unethical or nefarious means by a second computing device 110 comprised in NCS 
100. The method then proceeds to block 575. 

As block 575 shows, access of one or more networks and/or services of one or 
5 more networks by computing device 110 may be modified. The modification may grant 
and/or revoke access and/or services of one or more networks. For instance, one or more 
services of one or more networks of NCS 100, as noted above, may be granted and/or 
revoked. Furthermore, the QoS of access and/or service of one or more networks may be 
modified, as well. In one embodiment, one or more access points are at known locations 

10 in a geographic region, access and/or service modification may be based on the 
geographic location of computing device 110. In another embodiment, one or more 
access points are at known locations in a geographic region, access and/or service 
modification may be based on the geographic location of an access point communicating 
with computing device 110. 

15 FIG. 9 is a flowchart depicting a computer-implemented method that may be used 

on computing device 110. The method starts and proceeds to block 600, where 
computing device 110 may communicatively couple to an AP of the APs 120A-D. The 
method next proceeds to block 610, where computing device 110 receives an access code 
210 through an input device of computing device 110. The input device may be a 

20 keyboard or may be similar such as a key board displayed on the screen of the computing 
device 110, where user 115 uses a pointing device such as a stylus or mouse. The input 
device may be of other forms as well. For example, these forms may include an input 
port for inputting information into computing device 110 such as a USB port, a serial 
port, a parallel port, a smart card port, a flash memory port, an Ethernet port, or a SIM 

25 card port, among others. Computing device may also receive access code 210 through a 
wireless means. For example, distribution unit 212 may be operable to distribute access 
codes in a wireless fashion to computing devices 110 that are proximate to distribution 
unit 212. Next, at block 620 access code 210 may be sent to a computer system, e.g., 
routing computer 105, of NCS 100 that provides access and/or services of one or more 

30 networks comprised in NCS 100. 
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Wireless Access Point Usage of Multiple Channels 

A wireless AP of APs 120A-B can concurrently use one of a plurality of different 
RF (radio frequency) channels for communication with computing devices of users. For 
example, wireless AP can use one of RF channels 1 through 11. As is well known, RF 
5 channels 1, 6 and 11 are non-overlapping, with the remainder of these channels being 
partially overlapping with other channels. In another example, wireless AP may use one 
or more channels in a first frequency band such as 2.4GHz and concurrently use one or 
more channels in a second frequency band such as 5GHz. In one embodiment, channels 
in one frequency band may provide more bandwidth than channels in another frequency 
10 band. The term "frequency band" may be used to describe any range of contiguous radio 
frequencies. 

According to one embodiment of the present invention, each wireless AP can 
communicate on one or more, e.g. a plurality of or all of, the available wireless channels, 
e.g., the available RF channels. Furthermore, each of the AP 120A-B can control which 
15 channel computing device 110 of a client is able to use. In one embodiment, each 
computing device may scan each of the RF channels until it detects a wireless AP at one 
of the channels. 

In one embodiment, one or more of the wireless APs 120A-B may each utilize a 
plurality of the RF channels, e.g., may use each of the non-overlapping channels 1, 6 and 

20 1 1 to effectively provide up to three times the channel capacity. Thus, one or more of the 
AP 120A-B may be able to control allocations of a plurality or all of the respective RF 
channels to selectively obtain higher bandwidth when appropriate, or to simply 
accommodate a greater number of computing devices 110. Thus, if wireless AP 120 A 
using only one RF channel could only handle fifty computing devices 110 on that 

25 respective channel, the wireless AP 120A may operate to use three non-overlapping RF 
channels to effectively triple this capacity to a total of 150 concurrent or simultaneous 
computing devices 110. 

As another example, if wireless AP 120A is only communicating with one 
computing device 1 10, then the wireless AP 120 A may optionally or selectively use three 

30 non-overlapping RF channels to produce effectively three times the bandwidth for this 
communication. As additional computer devices come into communication with the 
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wireless AP 120A, wireless AP 120 A may selectively allocate different channels to 
different ones of these computing devices as needed. Further, if more than three 
computing devices are communicating with wireless AP 120 A, AP 120 A may partition 
one or more of the respective channels for the respective users, such as using wireless 
5 Ethernet Collision Sense Multiple Access/Collision Detection (CSMA/CD) or other 
multiple access schemes such as TDMA, FDMA, or CDMA, among others. 

In one embodiment, as described above with respect to block 575, a wireless AP 
of the wireless APs 120A-B operates to direct a computing device 110 to an available 
channel, possibly based on one or more attributes associated with the access code 

10 received from the computing device 110. Thus the wireless AP, not the computing 
device, may assign channels for communication. For example, wireless AP 120B may 
operate to direct a computing device 110 to an available communication channel (e.g., an 
RF channel) based on the identification information, e.g., the System ID, received from 
the computing device 110. The wireless AP 120B may also operate to direct the 

15 computing device 110 to an available communication channel based on other types of 
identification or authentication information, or on the determined access of the computing 
device. This allows wireless AP 120B to separate the communication traffic onto 
different channels based on the network provider being used, or based on the access or 
privilege level of computing device 110. For example, wireless AP 120B may assign a 

20 computing device 110 a communication channel based on whether the computing device 
1 10 has access to private portions of the network. 

It is noted that the present invention can be used for a plethora of applications and is 
not limited to the applications shown and/or described herein. In other words, the 
25 applications described herein are exemplary only, and the methods described herein may be 
used for any of various purposes and may be stored in and execute on any of various types 
of systems to perform any of various applications. 

Although the embodiments above have been described in considerable detail, 
numerous variations and modifications will become apparent to those skilled in the art 
30 once the above disclosure is fully appreciated. It is intended that the following claims be 
interpreted to embrace all such variations and modifications. 
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